More than 15 years after the launch of the microblogging social media platform, Twitter remains a dominant public forum for instant communication with individuals and organizations worldwide on a universe of topics, including #cybersecurity.
Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Our review considered experience in enterprise cybersecurity, contributions to research and real-time developments, and Twitter-specific metrics like following and activity frequency.
Top Cybersecurity Experts to Follow on Twitter
Aleksandra Doniec | @hasherezade
One of Europe’s top malware analysts thanks to her work for places like Malwarebytes, Aleksandra Doniec has provided a number of in-depth ransomware analyses and security tools throughout her career. Her contributions were significant enough to have her included in Forbes’ 2018 “30 Under 30 Europe” in the Technology category. Her private account offers a host of cybersecurity insights, particularly related to malware and ransomware, along with personal tweets. Her website also provides links to some of the useful cybersecurity tools and scripts she has created over the years, many of them open source.
Binni Shah | @binitamshah
Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Shah provides her expertise in hacking, software development, and kernel development and advocates for open source initiatives.
Brian Krebs | @briankrebs
Brian Krebs is an independent investigative reporter known for his coverage of technology, malware, data breaches, and cybercrime developments. Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com.
Bruce Schneier | @schneierblog
Security technologist Bruce Schneier was respected long before the launch of Twitter. His 1994 book detailing cryptographic algorithms (Applied Cryptography) was just the beginning of his contributions to technical perspectives on system design, cybersecurity, privacy, and more.
Dave Kennedy | @hackingdave
Dave Kennedy started as forensic analysis and cyber warfare specialist in the US Marine Corps before entering the enterprise space. Kennedy founded cybersecurity-focused TrustedSec and Binary Defense Systems and co-authored Metasploit: The Penetration Tester’s Guide.
Eugene Kaspersky | @e_kaspersky
Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab. Kaspersky currently serves as CEO and a distinguished cybersecurity expert in the international community.
Also read: Top Endpoint Detection and Response (EDR) Solutions
Eva Galperin | @evacide
Starting with her first desktop on a Unix machine at age 12, Eva Galperin’s contributions to cybersecurity include research on malware and privacy. Galperin is the current Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and noted free speech advocate.
Graham Cluley | @gcluley
Graham Cluley started as a videogame developer and antivirus programmer three decades ago before serving in senior roles at Sophos and McAfee. In recent years, Cluley has been well-known for his cybersecurity analysis, blog, and award-winning podcast Smashing Security.
Jack Daniel | @jack_daniel
Longtime network and system administrator Jack Daniel is a technology community activist, mentor, and storyteller. His contributions include founding Security BSides, serving as Strategist for Tenable, speaking at conferences, and co-hosting the podcast Security Voices.
Jason Haddix | @JHaddix
Through tenures at Citrix, HP, and Bugcrowd, Jason Haddix offers his expertise in the areas of penetration testing, web application testing, static analysis, and more. Haddix continues to provide his insights while serving as the Head of Security and Risk Management for Ubisoft.
Jayson E. Street @jaysonstreet
Jayson E. Street is an expert in penetration testing, detection and response, pen testing, and auditing and co-author of Dissecting the Hack: The F0rb1dd3n Network. Street is an industry-respected speaker and analyst and currently is the VP of InfoSec for SphereNY.
Read more: Top IT Asset Management Tools for Security
Jeremiah Grossman | @jeremiahg
With deep industry experience, Jeremiah Grossman was the Information Security Officer for Yahoo!, founder and CTO of WhiteHat Security, and most recently Chief of Security Strategy for SentinelOne. Currently CEO of Bit Discovery, Grossman is an innovative industry leader.
Marcus J. Carey | @marcusjcarey
Marcus J. Carey started his cybersecurity career assisting federal agencies with pen testing, incident response, and digital forensics. Two decades later, the information security expert is a distinguished author (Tribe of Hackers), entrepreneur, and speaker.
Maria Markstedter | @Fox0x01
As managing vulnerabilities in embedded systems become increasingly crucial to cybersecurity, Maria Markstedter offers her expertise as an independent security researcher and founder of Azeria Labs. Markstedter actively contributes to filling the infosec education gap.
Matthew Green | @matthew_d_green
Matthew Green is a renowned expert in cryptographic engineering. Green’s contributions to applied cryptography are profound, and his other research includes securing storage and payment systems. He is currently an Associate Professor at John Hopkins University.
Katie Moussouris | @k8em0
Katie Moussouris’ resume includes studying at MIT and Harvard, enterprise experience at Symantec and Microsoft, and years of promoting bug bounty programs and white hat hacking. Today, Moussouris is the founder and CEO of cybersecurity consultancy Luta Security.
Also read: Top Next-Generation Firewall (NGFW) Vendors
Kevin Mitnick | @kevinmitnick
Formerly on the FBI’s Most Wanted list, Kevin Mitnick is a crucial figure in the history of information security, including approaches to social engineering and penetration testing. Today, Mitnick operates his consultancy and serves as Chief Hacking Officer for KnowBe4.
Lesley Carhart | @hacks4pancakes
IT industry veteran and former Hacker of the Year Lesley Carhart consistently contributes to research and dialogue around incident response, digital forensics, industrial control system security, and more. Carhart is currently the Principal Industrial Incident Responder at Dragos.
Mikko Hyppönen | @mikko
Mikko Hyppönen is the veteran chief research officer of Finish cybersecurity company F-Secure. After three decades of experience analyzing and following the latest security threats, Hyppönen continues to offer his perspective on privacy, cybersecurity, and so-called “smart” devices.
Paul Asadoorian | @securityweekly
Once a penetration tester, Paul Asadoorian has been the founder and CEO of Security Weekly and host of a weekly show since 2005. Asadoorian has built a cybersecurity media force while also serving as a partner for Offensive Countermeasures and Tenable Product Evangelist.
Read more: Top IoT Security Solutions of 2021
Parisa Tabriz | @laparisa
Google’s Security Princess is Parisa Tabriz, one of the technology giant’s most esteemed hackers. Tabriz has led Google Chrome’s security since 2013, which extends to managing Product, Engineering, and UX today. Tabriz is a tireless advocate for ethical hacking.
Rachel Tobac | @RachelTobac
Three-time winner of DEF CON’s Social Engineering Capture the Flag Contest, Rachel Tobac is a hacker and CEO of SocialProof Security. Tobac’s expertise in social engineering and spreading awareness provides excellent insight into today’s sophisticated threats.
Richard Bejtlich | @taosecurity
Richard Bejtlich is the former first Director of Incident Response for General Electric and C-suite executive for FireEye and Mandiant. Since 2003, Bejtlich’s blog TaoSecurity has been a leading resource for network security monitoring practices and cybersecurity trends.
Robert M. Lee | @RobertMLee
Founder and CEO of Dragos Robert M. Lee started his career as a Cyber Warfare Operations Officer for the U.S. Air Force before building the SANS Institute’s first dedicated ICS monitoring courses. Lee continues to be a leading voice critical infrastructure cybersecurity space.
Read more: Top 11 Breach and Attack Simulation (BAS) Vendors
Runa Sandvik | @runasand
Runa Sandvik was a hacker and early developer of the Tor network before her rise to senior director of information security for the New York Times. Today Sandvik is an independent researcher and consultant and advocate for strengthening freedom of the press and privacy.
Samy Kamkar | @samykamkar
Hacker, researcher, and entrepreneur Samy Kamkar launched a unified communications company as a teen before setting off an XSS attack against MySpace. Lesson learned Kamkar continues to test security integrity as co-founder and CSO of Openpath Security.
SwiftOnSecurity | @SwiftOnSecurity
The pseudonymous information security expert known as SwiftOnSecurity is a prominent voice in the universe of cybersecurity. They continually offer a balanced dose of genuine insight into systems and security with the funniest and hardest-hitting memes for SysAdmin.
Also read: Top Threat Intelligence Platforms
Tavis Ormandy | @taviso
Tavis Ormandy is an ethical hacker and an information security engineer for Google Project Zero. Ormandy’s expertise includes vulnerability hunting, research, and software development with a bundle of GitHub contributions and published research.
Thaddeus Grugq | @thegrugq
Commonly known as just the Grugq, Thaddeus Grugq is a security researcher and hacker known for publications and commentary regarding forensic analysis, international espionage, and cybersecurity. In recent years, Grugq has talked openly about high-end exploit brokering.
Troy Hunt | @troyhunt
Troy Hunt is an Australian web security consultant and perhaps most known for his project Have I Been Pwned (HIBP), which helps users confirm if their data was compromised due to a breach. After 14 years of enterprise experience at Pfizer, Hunt offers his expertise in a weekly vlog.
Read more: Top Cybersecurity Companies
Article Updated by Zephin Livingston on October 3, 2022